Can I convert the ldif's userPassword:: "salted hash, aka SSHA" to "hash type$salt$hash" format of shadow passwords?
Or do I need to force those users with SSHA hashed passwords to change their password?
Most of the users passwords are in crypt format. I found a perl one liner to base64 decode those passwords hashes. (1)
I'm attempting to create shadow passwd files with an old Debian 6.0.10 (squeeze) LDAP installation and Debian's slapd package (2.4.23-7.3+deb6u2 squeeze-lts patched oldoldstable) includes a perl script ldiftopasswd, which I thought came from upstream, but it's not included in the most recent source of openldap. If my reading of the perl is correct, it was meant for earlier iterations of shadow passwords that did not include hash format or salt. I'm not having any success using the script this far.
1. http://www.perlmonks.org/bare/?node_id=963814 alias ldapdecode="perl -MMIME::Base64 -n -00 -e 's/\n //g;s/(?<=:: )(\S+)/decode_base64($1)/eg;print'" and just do ldapsearch | ldapdecode
Thanks, Chuck